Today it is very common for users to access a secure network via a portable electronic device, such as a laptop or a personal digital assistant (PDA). Such secure networks protect data as it is being transferred to and from the portable electronic device by methods such as firewalls, virtual private networks (VPNs), and the like. For example, one traditional method to protect a corporate network is a firewall at the perimeter of the network.
However, such protection is only effective if the computing device stays behind the firewall. If the laptop or PDA is stolen, then whatever files are on the user's computing device are vulnerable to theft as well. The computing device may be vulnerable even if it is not stolen. For example, if it is taken home, the laptop or PDA will not be sitting behind the corporate perimeter firewall. Thus, any files that the user downloaded to the computing device are vulnerable. For example, if the user is connected to an un-secure network from home, a hacker may gain access to confidential files stored on the laptop.
Some additional measure of protection may be achieved via a software-implemented firewall. While a software firewall may operate even if the computing device is physically remote from the network protected by the perimeter firewall, the software firewall is susceptible to attacks from Trojan programs and other hacking methods. For example, the data may flow from a network interface card to a host device's operating system software stack, where the software firewall performs its rule checks to determine whether the data should proceed further up the software stack. (For outbound data, the software firewall again resides at a point well above the network interface.) Numerous examples have been reported in which such software firewalls have been compromised. For example, encryption keys may be passed through the system software stack, where a hacker may easily hide and monitor them.
Thus, a need has arisen for a way to protect data downloaded to a computing device from a secure network. A further need exists to protect such data if the computing device is stolen. An even further need exists to protect data on a computing device under attack when connected to an un-secure network. A still further need exists for a solution that is not easily defeated by hacking techniques such as Trojan programs.